cvelistv5 - cve-2010-2453

cve-2010-2453

Vulnerability from cvelistv5

Published

2010-09-29 16:00

Modified

2024-08-07 02:32

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://www.securityfocus.com/archive/1/513970/100/0/threaded

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2453",
    "datePublished": "2010-09-29T16:00:00",
    "dateReserved": "2010-06-24T00:00:00",
    "dateUpdated": "2024-08-07T02:32:16.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-2453\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-09-29T17:00:02.993\",\"lastModified\":\"2018-10-10T19:59:35.683\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \\\"web commands injection\\\" issue.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Synology Disk Station v2.x antes de DSM3.0-1337 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante la conexi\u00f3n al servidor FTP y proporciondo un comando (1) USER o (2) PASS manipulados, los cuales son escritos por el m\u00f3dulo de registro (log) del FTP a una ventana de registro de interfaz web, relacionadas con un problema de \\\"inyecci\u00f3n de comandos web\\\" .\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"850A03A9-978D-4A60-90B2-A037023A34C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"121E0EE0-0673-42AB-B7E2-CD6729BE26F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FB4A66B-FC2F-47A3-8480-695DE2D52979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61AF3A3-09BD-4EE0-95A6-984CD8B1D71B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B20EE94-8F9F-45D1-97F1-C429D75E8666\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC7BB6B-C5F5-42F1-B4B6-39B011C3515B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F02F59B2-0224-4CF6-AF55-C2A7B0919955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7AADE49-1663-48E9-BEE4-E4FF955FC7F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D469DB1-81A7-4F57-833F-CC796C4391F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:synology:dsm:3.0-1334:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E14D8A0D-1621-4462-B683-8CB45AB24093\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds1010\\\\+:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B99359E4-8DFE-4995-9893-CCA6CEB4B8F9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68BC068B-16C8-4B4F-9851-4B5293FAEF68\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds110\\\\+:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1166EF93-847B-4D97-BE07-A6DE16B5E2A7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14FF9E89-018F-4726-BBA3-4ADD1E73F021\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B3B3E5F-7F93-424C-842D-6D9A793972F9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds210\\\\+:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4719A127-3E49-4B74-AECB-023D17DB0528\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F66242-CE8F-4569-97CF-63312CC2D358\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294CBF5E-AB11-42A1-9466-B62224CE976F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDF651B4-C186-40B5-8F76-9CD1983E919E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29EFF4D3-362B-40A2-8DEC-3BD20D2859F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds411\\\\+:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC21A0D4-CB0F-4336-AF71-1DFE1DFDDE28\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:synology:disk_station_ds710\\\\+:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C4D1826-8C3B-4789-A6AD-B5FCF9980936\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/513970/100/0/threaded\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. Synology DiskStation Manager is prone to multiple HTML-injection vulnerabilities because the device's web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Synology DiskStation Manager 2.x is vulnerable; other versions may also be affected. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/

Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453

INTRODUCTION

Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal is to deliver user-friendly storage solutions and solid customer service to satisfy the needs of businesses, home offices, individual users and families.

The disk station product provided by Synology as Network Attached Storage is vulnerable to multiple vulnerabilities including the possibility of remote command execution via CSRF (Cross Site Request Forging) through FTP login console. The FTP server is provided as a configurable service through web interface which provides backend access to manage the disks station. The problem occurs in the FTP logging mechanism together with the admin interface used to view those logs. The FTP console input in the form username and password gets logged in the web application interface.

This problem was confirmed in the following versions of Synology Disk Station, other versions may be also affected.

Synology Disk Station 2.x

Synology issued an update for this vulnerability in the release DSM3.0-1337.

CVSS Scoring System

The CVSS score is: 9.5 Base Score: 10 Temporal Score: 9.5 We used the following values to calculate the scores: Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C Temporal score is: E:F/RL:U/RC:C

DETAILS

There are four steps for exploitation, specified here together with the identified problem:

1. The attacker can inject malicious input from the FTP login console. As the authentication credentials are inappropriate the FTP authentication 
module generates error and the requisite input is logged in to the web interface of the disk station. 
2. Secondly the FTP logging module is not designed appropriately and the content comes from the FTP login console is directly placed into the log 
window without verification of the Content-Type parameter. The content is allowed to be rendered as HTML, Script etc. An attacker can inject 
malicious HTML tags, DOM calls, third part y scripts, CSRF calls that gets executed in the context of logged in account which is administering it. 
3. Usually log mechanism is handled by the admin account. The chances of code execution and injection fulfillment are high within full privileges 
as of administrator. So any code injected by the attacker becomes persistent in most of the cases and remain there for execution. Moreover CSRF 
code with malicious calls can be executed without user interaction. 
4. Attacker has to be well versed in directory structure of the disk station manager so that injections can be made according to that and further 
operations can be performed. The FTP servers accept username string upto 80-100 characters which is good enough to craft injections to get the 
things done The scripts can be inserted from local domain or LAN or third party source to inject arbitrary code.

C:\Users\Administrator>ftp example.com Connected to example.com. 220 Disk Station FTP server at DiskStation ready. User (example.com:(none)): "/> 331 Password required for "/> Password: 530 Login incorrect. Login failed. ftp> Invalid command. ftp> bye 421 Timeout (300 seconds): closing control connection.

In order to determine the size of the allowed input string, we can do:

C:\Users\Administrator>ftp example.com Connected to example.com. 220 Disk Station FTP server at DiskStation ready. User (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -> Our input 331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. -> The total lenght really used Password: 530 Login incorrect. Login failed. ftp> Invalid command. ftp> bye 421 Timeout (300 seconds): closing control connection.

CREDITS

This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT) and Aditya K. Sood from Secniche.

Best Regards,

Rodrigo.

-- Rodrigo Rubira Branco Senior Security Researcher Vulnerability Discovery Team (VDT) Check Point Software Technologies

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201009-0275",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.2-1045"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.2-0942"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.3-1144"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.2-1042"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.3-1139"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.3-1161"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.3-1141"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "3.0-1334"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.2-1041"
      },
      {
        "model": "dsm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "2.3-1157"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "synology",
        "version": "3.0-1337"
      },
      {
        "model": "diskstation manager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "synology",
        "version": "2.x"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "synology",
        "version": "2.x"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "43542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:3.0-1334:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Rodrigo Rubira Branco, Check Point Vulnerability Discovery Team (VDT) and Aditya K. Sood, Secniche",
    "sources": [
      {
        "db": "BID",
        "id": "43542"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-2453",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2010-2453",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-45058",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-2453",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201009-279",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-45058",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue. Synology DiskStation Manager is prone to multiple HTML-injection vulnerabilities because the device\u0027s web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content. \nAttacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nSynology DiskStation Manager 2.x is vulnerable; other versions may also be affected. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network. Check Point Software Technologies - Vulnerability Discovery Team (VDT)\nhttp://www.checkpoint.com/defense/\n\nWeb commands injection through FTP Login in Synology Disk Station\nCVE-2010-2453\n\n\nINTRODUCTION\n\nSynology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology\u0027s goal \nis to deliver user-friendly storage solutions and solid customer service to satisfy the needs of businesses, home offices, individual users and \nfamilies. \n\nThe disk station product provided by Synology as Network Attached Storage is vulnerable to multiple vulnerabilities including the possibility of \nremote command execution via CSRF (Cross Site Request Forging) through FTP login console. The FTP server is provided as a configurable service \nthrough web interface which provides backend access to manage the disks station. The problem occurs in the FTP logging mechanism together with the \nadmin interface used to view those logs. The FTP console input in the form username and password gets logged in the web application interface. \n\nThis problem was confirmed in the following versions of Synology Disk Station, other versions may be also affected. \n\nSynology Disk Station 2.x\n\nSynology issued an update for this vulnerability in the release DSM3.0-1337. \n\n\nCVSS Scoring System\n\nThe CVSS score is: 9.5\n\tBase Score: 10\n\tTemporal Score: 9.5\nWe used the following values to calculate the scores:\n\tBase score is: AV:N/AC:L/Au:N/C:C/I:C/A:C\n\tTemporal score is: E:F/RL:U/RC:C\n\n\nDETAILS\n\n\nThere are four steps for exploitation, specified here together with the identified problem:\n\n\t1. The attacker can inject malicious input from the FTP login console. As the authentication credentials are inappropriate the FTP authentication \n\tmodule generates error and the requisite input is logged in to the web interface of the disk station. \n\t2. Secondly the FTP logging module is not designed appropriately and the content comes from the FTP login console is directly placed into the log \n\twindow without verification of the Content-Type parameter. The content is allowed to be rendered as HTML, Script etc. An attacker can inject \n\tmalicious HTML tags, DOM calls, third part y scripts, CSRF calls that gets executed in the context of logged in account which is administering it. \n\t3. Usually log mechanism is handled by the admin account. The chances of code execution and injection fulfillment are high within full privileges \n\tas of administrator. So any code injected by the attacker becomes persistent in most of the cases and remain there for execution. Moreover CSRF \n\tcode with malicious calls can be executed without user interaction. \n\t4. Attacker has to be well versed in directory structure of the disk station manager so that injections can be made according to that and further \n\toperations can be performed. The FTP servers accept username string upto 80-100 characters which is good enough to craft injections to get the \n\tthings done The scripts can be inserted from local domain or LAN or third party source to inject arbitrary code. \n\nC:\\Users\\Administrator\u003eftp example.com\nConnected to example.com. \n220 Disk Station FTP server at DiskStation ready. \nUser (example.com:(none)): \"/\u003e\u003cscript\u003ealert(\"Check Point VDT\"\u003c/script\u003e\n331 Password required for \"/\u003e\u003cscript\u003ealert(\"Check Point VDT\"\u003c/script\u003e\nPassword:\n530 Login incorrect. \nLogin failed. \nftp\u003e Invalid command. \nftp\u003e bye\n421 Timeout (300 seconds): closing control connection. \n\nIn order to determine the size of the allowed input string, we can do:\n\nC:\\Users\\Administrator\u003eftp example.com\nConnected to example.com. \n220 Disk Station FTP server at DiskStation ready. \nUser (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -\u003e Our input\n331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. -\u003e The total lenght really used\nPassword:\n530 Login incorrect. \nLogin failed. \nftp\u003e Invalid command. \nftp\u003e bye\n421 Timeout (300 seconds): closing control connection. \n\n\n\nCREDITS\n\nThis vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT) and Aditya\nK. Sood from Secniche. \n\n\n\nBest Regards,\n \nRodrigo. \n \n--\nRodrigo Rubira Branco\nSenior Security Researcher\nVulnerability Discovery Team (VDT)\nCheck Point Software Technologies\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "BID",
        "id": "43542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "db": "PACKETSTORM",
        "id": "94283"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-45058",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-2453",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20100926 WEB COMMANDS INJECTION THROUGH FTP LOGIN IN SYNOLOGY DISK STATION - CVE-2010-2453",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "43542",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "94283",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-45058",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "db": "BID",
        "id": "43542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "PACKETSTORM",
        "id": "94283"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "id": "VAR-201009-0275",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:04:28.133000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.synology.com/index.php?lang=default"
      },
      {
        "title": "synology_x86_1010+_1337",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=34456"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2453"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2453"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/513970/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.synology.com/enu/index.php"
      },
      {
        "trust": 0.1,
        "url": "http://www.checkpoint.com/defense/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2453"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "db": "BID",
        "id": "43542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "PACKETSTORM",
        "id": "94283"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "db": "BID",
        "id": "43542"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "db": "PACKETSTORM",
        "id": "94283"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "date": "2010-09-28T00:00:00",
        "db": "BID",
        "id": "43542"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "date": "2010-09-28T02:17:53",
        "db": "PACKETSTORM",
        "id": "94283"
      },
      {
        "date": "2010-09-29T17:00:02.993000",
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "date": "2010-09-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-45058"
      },
      {
        "date": "2010-09-28T00:00:00",
        "db": "BID",
        "id": "43542"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      },
      {
        "date": "2018-10-10T19:59:35.683000",
        "db": "NVD",
        "id": "CVE-2010-2453"
      },
      {
        "date": "2010-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Synology Disk Station Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002952"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201009-279"
      }
    ],
    "trust": 0.6
  }
}

ghsa-hjjc-2jc4-2pq4

Vulnerability from github

Published

2022-05-14 02:44

Modified

2022-05-14 02:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-29T17:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue.",
  "id": "GHSA-hjjc-2jc4-2pq4",
  "modified": "2022-05-14T02:44:27Z",
  "published": "2022-05-14T02:44:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2453"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2010-2453

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-2453

Aliases

CVE-2010-2453

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2453",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue.",
    "id": "GSD-2010-2453",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-2453"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2453"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue.",
      "id": "GSD-2010-2453",
      "modified": "2023-12-13T01:21:31.281314Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-2453",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1144:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1157:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1161:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-1042:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-1045:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1139:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.3-1141:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:3.0-1334:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-1041:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:synology:dsm:2.2-0942:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds110\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds410:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds1010\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds710\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds409slim:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds410j:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds411\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds210\\+:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds210j:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds110j:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds209:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:synology:disk_station_ds109:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2453"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a \"web commands injection\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100926 Web commands injection through FTP Login in Synology Disk Station - CVE-2010-2453",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/513970/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:59Z",
      "publishedDate": "2010-09-29T17:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2010-2453

Vulnerability from cvelistv5

var-201009-0275

Vulnerability from variot

ghsa-hjjc-2jc4-2pq4

Vulnerability from github

gsd-2010-2453

Vulnerability from gsd

Tags

Sightings

Nomenclature